Oh wonderful. Replacing all IT because they were hacked? Let me guess, they will use Windows, Exchange, and MS Office again on the new system. The software triumvirate screaming “please hack me”.
I mean… For real, I’ve never heard of Linux systems being hacked this way. I’m sure it’s possible, but it certainly seems rarer.
Slipping shit in upstream also certainly doesn’t happen "that* often. It takes effort to become recognised enough as a developer to be allowed access to the upstream code, meaning you can’t automate those kinds of attacks. (I imagine. Correct me if I’m wrong.)
It does happen occasionally, from time to time, but, because everything is gasp open source, it tends to get caught, identified, blocked/quarantined and then fixed considerably more rapidly, with decent fallback instructions/procedures in that interim period.
Like apparently it actually just recently happened with some asshole uploading bs malware libs/sources to the AUR… even still, got caught pretty quickly.
Also, you can basically describe the entire CrowdStrike fiasco as exactly this kind of upstream oopsie doopsie.
Doesn’t really matter in the big picture if it was intentionally malicious or not, when you Y2K 1/4 of the world’s computer systems.
When there’s a high profile bug in an important FOSS project, everyone and their dog is looking for a fix. Usually it’ll be patched within days, if not hours, of being reported.
When there’s a high profile bug in a closed size source project, the company backing it will deflect and delay until they’re forced to fix it, and they can sometimes get away with it for years or even decades.
All software has bugs, which remain strategy do you prefer?
I mean, myself personally, I prefer to simp and fanboy for my favorite exploitative corperate overlord, because I’m sure there are good reasons everyone uses them, despite their well documented history of massive fuckups and fuckovers of all possible kinds!
Mate have a look at the SharePoint vulnerability. It’s embarrassingly bad. Like really really bad, and btw so bad that it’s very easy to understand and exploit. And prevent too, if a jr in my team did this I’d get them in trouble.
Random Windows ‘Powerusers’ obviously know more about programming and cybersecurity than people who actually do that for a living, as a professional line of work, duh!
See, I wrote a bash file once, so I basically know everything about software dev, especially on linux as well, which is basically just the whole OS is powershell, right?
Oh wonderful. Replacing all IT because they were hacked? Let me guess, they will use Windows, Exchange, and MS Office again on the new system. The software triumvirate screaming “please hack me”.
Removed by mod
I mean… For real, I’ve never heard of Linux systems being hacked this way. I’m sure it’s possible, but it certainly seems rarer.
Slipping shit in upstream also certainly doesn’t happen "that* often. It takes effort to become recognised enough as a developer to be allowed access to the upstream code, meaning you can’t automate those kinds of attacks. (I imagine. Correct me if I’m wrong.)
Removed by mod
I know of one successful supply chain attack in FOSS.
So still points for using it.
I… Don’t understand what you said here 🫤
It does happen occasionally, from time to time, but, because everything is gasp open source, it tends to get caught, identified, blocked/quarantined and then fixed considerably more rapidly, with decent fallback instructions/procedures in that interim period.
Like apparently it actually just recently happened with some asshole uploading bs malware libs/sources to the AUR… even still, got caught pretty quickly.
Also, you can basically describe the entire CrowdStrike fiasco as exactly this kind of upstream oopsie doopsie.
Doesn’t really matter in the big picture if it was intentionally malicious or not, when you Y2K 1/4 of the world’s computer systems.
Exactly.
When there’s a high profile bug in an important FOSS project, everyone and their dog is looking for a fix. Usually it’ll be patched within days, if not hours, of being reported.
When there’s a high profile bug in a closed size source project, the company backing it will deflect and delay until they’re forced to fix it, and they can sometimes get away with it for years or even decades.
All software has bugs, which remain strategy do you prefer?
I mean, myself personally, I prefer to simp and fanboy for my favorite exploitative corperate overlord, because I’m sure there are good reasons everyone uses them, despite their well documented history of massive fuckups and fuckovers of all possible kinds!
/s
Mate have a look at the SharePoint vulnerability. It’s embarrassingly bad. Like really really bad, and btw so bad that it’s very easy to understand and exploit. And prevent too, if a jr in my team did this I’d get them in trouble.
No no, you don’t get it.
Random Windows ‘Powerusers’ obviously know more about programming and cybersecurity than people who actually do that for a living, as a professional line of work, duh!
See, I wrote a bash file once, so I basically know everything about software dev, especially on linux as well, which is basically just the whole OS is powershell, right?
/s/s/s